Grandmother’s Refusal to Remove Photos From Facebook Tests Privacy Law

Handling pictures of children and grandchildren is usually a private affair.

Not in the case of one Dutch grandmother.

A woman’s refusal to remove photos of her grandchild on Facebook and Pinterest boiled over into court in the Netherlands this month, turning what started as a family dispute into a broader test of the limits of internet privacy laws. A judge in the province of Gelderland, in the eastern part of the country, decided that a grandmother was prohibited from posting photos on social media of her three grandchildren without the permission of her daughter, the children’s mother.

The District Court judge said the grandmother had violated Europe’s sweeping internet privacy law, called the General Data Protection Regulation, or G.D.P.R. In the Netherlands, the G.D.P.R. dictates that posting pictures of minors under the age of 16 requires permission from their legal guardians, according to the court’s website.

The women, whose names were not provided in the court documents, fell out about a year ago and hadn’t been in regular contact, according to filings in the court case. After the children’s mother asked for the pictures to be deleted without the desired effect, she took the case to court.

The case has drawn attention because of its novel application of the internet privacy law. Enacted two years ago, the G.D.P.R. is viewed as a way for governments to crack down on the data collection practices of large companies such as Facebook and Google. But the law also gives individuals new ways to limit how their personal data is collected, shared and stored online.

“This is to my knowledge the first case ever in which the G.D.P.R. is used to adjudicate a family dispute,” said Arnoud Engelfriet, a lawyer specializing in internet law at ICTRecht, a law firm in the Netherlands. “This law gives private individuals cause of action against both companies, governments and individuals that violate their privacy. We rarely see this in action due to the costs involved, but it is certainly possible.”

Mr. Engelfriet said he “fully expects” others to use data-protection laws in similar disputes in the future, though he cautioned that freedom of expression rules could limit some attempts.

The G.D.P.R. has been viewed as a model for data-protection laws, but has faced criticism for how it has been applied. European policymakers have promoted it as a way to crack down on large Silicon Valley companies, but many say the law has been weakly enforced. In two years, critics say there has been little action taken against companies such as Facebook, Google and Twitter that have been accused of violating the law.

Tijmen Wisman, a data-privacy lawyer and lecturer at Vrije University in Amsterdam, said the decision raised many questions about how data-protection laws are applied and the power individuals have to force information be removed. “There will always be conflicting interests in applying these sorts of rights,” he said.

In the Netherlands, the judge ordered the grandmother to delete all photos of her three grandchildren from Facebook and Pinterest within 10 days. For every day after that, the woman could incur a fine of at least 50 euros (about $54) per day.

The oldest of the three children, a 14-year-old boy, lived with his grandmother from 2012 till 2019, according to the court case, and during and after that time she posted pictures of all three on Facebook and Pinterest, without asking her daughter’s permission. The daughter has sole custody of the two younger children; she and her ex-partner have custody of the oldest child. Neither parent approved the posting of the pictures, according to the judge’s decision.

The grandmother told the judge that she had already taken down most of the pictures, but asked if she could keep one picture of her oldest grandchild on her page, because she said she had a special relationship with the boy.